include:
  - ssh
sssd:
  pkg:
    - name: sssd
    - installed
  service:
    - name: sssd
    - running
    - enable: True
    - reload: True
    - watch:
      - pkg: sssd
      - file: /etc/sssd/sssd.conf 

oddjob-mkhomedir:
  pkg:
    - name: oddjob-mkhomedir
    - installed
  service:
    - name: oddjobd
    - running
    - enable: True
    - require:
      - pkg: oddjob-mkhomedir

/etc/sssd/sssd.conf:
  file.managed: 
    - source: salt://sssd_ldap/files/etc/sssd/sssd.conf
    - user: root  
    - group: root  
    - mode: 0600
    - default:
      ldap_server: ldapserver
    - template: jinja
    - backup: minion

/etc/sysconfig/authconfig:
  file.managed: 
    - source: salt://sssd_ldap/files/etc/sysconfig/authconfig
    - user: root  
    - group: root  
    - mode: 644
    - backup: minion

/etc/nsswitch.conf:
  file.managed: 
    - source: salt://sssd_ldap/files/etc/nsswitch.conf
    - user: root  
    - group: root  
    - mode: 644 
    - backup: minion

/etc/pam.d/fingerprint-auth-ac:
  file.managed:
    - source: salt://sssd_ldap/files/etc/pam.d/fingerprint-auth-ac
    - user: root  
    - group: root  
    - mode: 644 
    - backup: minion

/etc/pam.d/password-auth-ac:
  file.managed:
    - source: salt://sssd_ldap/files/etc/pam.d/password-auth-ac
    - user: root  
    - group: root  
    - mode: 644 
    - backup: minion

/etc/pam.d/smartcard-auth-ac:
  file.managed:
    - source: salt://sssd_ldap/files/etc/pam.d/smartcard-auth-ac
    - user: root  
    - group: root  
    - mode: 644 
    - backup: minion

/etc/pam.d/system-auth-ac:
  file.managed:
    - source: salt://sssd_ldap/files/etc/pam.d/system-auth-ac
    - user: root  
    - group: root  
    - mode: 644
    - backup: minion